Guys, also this is not directly related to the API design and as Isuru said we will have to think about different token types. At present many users ask for JWT tokens as oppose random string tokens. So should we think about the type too ?
On Fri, Jun 30, 2017 at 12:35 AM, Isuru Haththotuwa <[email protected]> wrote: > Just a thought; since we are going to support Key types other than OAuth > for API invocation, should we consider renaming the rest resources to > indicate that this is about generating OAuth keys/tokens? > > On Wed, Jun 28, 2017 at 1:37 PM, Bhathiya Jayasekara <[email protected]> > wrote: > >> Hi all, >> >> As discussed in [1], I split generate keys operation into 2, and added >> "provide-keys" operation for semi-manual client registration. Here is the >> final list with sample requests and responses. >> >> >> POST /applications/{applicationId}/generate-keys >> >> { >> "keyType": "PRODUCTION", >> "grantTypesToBeSupported": [ >> "client-credentials", "password" >> ], >> "callbackUrl": "http://localhost/callback"} >> >> >> Response >> >> { >> "consumerKey": "xxxxxxxxxxxxxxxxxx", >> "consumerSecret": "yyyyyyyyyyyyyyyyyyy", >> "supportedGrantTypes": [ >> "client-credentials", "password" >> ], >> "callbackUrl": "http://localhost/callback";, >> "keyType": "PRODUCTION"} >> >> >> >> POST /applications/{applicationId}/provide-keys >> >> { >> "consumerKey": "xxxxxxxxxxxxxxxxxxxx", >> "consumerSecret": "yyyyyyyyyyyyyyyyyyy", >> "keyType": "PRODUCTION"} >> >> >> Response >> >> { >> "consumerKey": "xxxxxxxxxxxxxxxxxx", >> "consumerSecret": "yyyyyyyyyyyyyyyyyyy", >> "supportedGrantTypes": [ >> "client-credentials", "password" >> ], >> "callbackUrl": "http://localhost/callback";, >> "keyType": "PRODUCTION"} >> >> >> >> POST /applications/{applicationId}/generate-tokens >> >> { >> "consumerKey": "xxxxxxxxxxxxxxxxxxxxx", >> "consumerSecret": "yyyyyyyyyyyyyyyyyyyyyy", >> "validityPeriod": 3600, >> "scopes": "read write delete", >> "revokeToken": "zzzzzzzzzzzzzzzzzzzzz"} >> >> >> Response >> >> { >> "accessToken": "aaaaaaaaaaaaaaaaaaaaaaaaa", >> "tokenScopes": "read write", >> "validityTime": 3600} >> >> >> >> [1] [APIM][C5] Splitting "Generate Keys" operation in Store REST API >> >> Thanks, >> -- >> *Bhathiya Jayasekara* >> *Associate Technical Lead,* >> *WSO2 inc., http://wso2.com <http://wso2.com>* >> >> *Phone: +94715478185 <071%20547%208185>* >> *LinkedIn: http://www.linkedin.com/in/bhathiyaj >> <http://www.linkedin.com/in/bhathiyaj>* >> *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>* >> *Blog: http://movingaheadblog.blogspot.com >> <http://movingaheadblog.blogspot.com/>* >> > > > > -- > Thanks and Regards, > > Isuru H. > +94 716 358 048 <071%20635%208048>* <http://wso2.com/>* > > > -- *Thanks & Regards,* *Nuwan Bandara | Director - **Solutions Architecture, WSO2 Inc.* *+1 646 643 8618 | +1 650 745 2169 Ext 4212 | http://nuwanbando.com <http://nuwanbando.com> * <http://www.nuwanbando.com/>
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
